Control Category: Data Minimization and Retention

  • Anonymize information

    Anonymize information whenever possible and separate access to identified and de-identified data sets. For physical media store identified information in a separate locked file cabinet.

    Read more: Anonymize information

  • Data Retention

    Observe applicable data retention policies upon project completion. Securely delete the information if possible. If you must retain a copy of information at this level, ensure that it remains secure.

    Read more: Data Retention

  • Secure destruction

    Destroy devices and media that are no longer needed in a way such that no information can be recovered.

    Read more: Secure destruction

  • Data minimization

    Limit the storage and collection of data at this risk level to that which is necessary to accomplish the legitimate purpose for which it is collected.

    Read more: Data minimization

  • Secure deletion

    Securely delete information when it is no longer required by means that make it impossible to reconstruct the records.

    Read more: Secure deletion